Changeset 321

Timestamp:

Mar 17, 2011, 10:07:44 PM (14 years ago)

Author:

katerina

Message:

Fix for ticket #240: The samhain_kmem kernel module should be loaded earlier

Location:

trunk

Files:

• configure.ac (modified) (4 diffs)
• docs/Changelog (modified) (1 diff)
• include/sh_sub.h (modified) (1 diff)
• init/samhain.startGentoo.in (modified) (1 diff)
• init/samhain.startLSB.in (modified) (1 diff)
• init/samhain.startLinux.in (modified) (1 diff)
• src/sh_extern.c (modified) (3 diffs)
• src/sh_ipvx.c (modified) (3 diffs)
• src/sh_kern.c (modified) (2 diffs)
• src/sh_sub.c (modified) (14 diffs)
• src/sh_unix.c (modified) (3 diffs)
• test/testrun_1c.sh (modified) (1 diff)

trunk/configure.ac

@@ -12 +12 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 2.8.2)
+AM_INIT_AUTOMAKE(samhain, 2.8.3)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST
@@ -1974 +1974 @@
 
 sh_insmod_cmd=": # no kernel module"
+sh_insmod_pre=": # no kernel module"
 sh_lkm=""
 lkm_inc=""
@@ -2151 +2152 @@
 
                            sh_lkm="${sh_lkm} samhain_kmem.ko"
-                           echo "${sh_insmod_cmd}" | grep 'no kernel module' >/dev/null
-                           if [ $? -eq 0 ]; then
-                              sh_insmod_cmd="modprobe ${install_name}_kmem"
-                           else
-                              sh_insmod_cmd="modprobe ${install_name}_kmem; ${sh_insmod_cmd}"
-                           fi
+                           sh_insmod_pre="modprobe ${install_name}_kmem"
+
                         fi
                 else
@@ -2168 +2165 @@
 AC_SUBST(sh_lkm)
 AC_SUBST(sh_insmod_cmd)
+AC_SUBST(sh_insmod_pre)
 
 AC_SUBST(systemmap)

trunk/docs/Changelog

@@ -1 +1 @@
 2.8.3:
+        * init scripts: load samhain_kmem.ko before samhain starts
+        * slib.c: eliminate mutex from sl_create_ticket()
+        * sh_entropy.c: move pthread usage out of child
+        * sh_hash.c, sh_pthread.c, sh_pthread.h: sh_hash_hashdelete()
+          needs deadlock detection, may be called from within sh_hash_init() 
+          via atexit handler on error condition
+        * sh_suidchk.c, sh_calls.c, sh_calls.h: need a nosub version of lstat()
+          to use with relative path after chdir()
+        * samhain.c, sh_calls.c, sh_calls.h: only run (l)stat() in subprocess
+          after reading config file (to allow disabling)
+        * sh_unix.c: run sh_sub_kill() in parent after forking the daemon
         * fix zeroing of result from getnameinfo() (problem reported by Richard)
         * fix spurious warnings about unsupported address family (reported

trunk/include/sh_sub.h

@@ -2 +2 @@
 #define SH_SUB_H
 
+void sh_kill_sub ();
 int sh_sub_stat  (const char *path, struct stat *buf);
 int sh_sub_lstat (const char *path, struct stat *buf);

trunk/init/samhain.startGentoo.in

@@ -9 +9 @@
 start() {
         ebegin "Starting @install_name@"
+        @sh_insmod_pre@
         /sbin/start-stop-daemon --start --quiet  --exec @sbindir@/@install_name@
         eend $?

trunk/init/samhain.startLSB.in

@@ -87 +87 @@
 case "$1" in
   start)
+        #
+        # Preloaded kernel module
+        #
+        @sh_insmod_pre@
+        #
         ${DAEMON} start
         ERRNUM=$?

trunk/init/samhain.startLinux.in

@@ -140 +140 @@
         fi
         #
+        # Preloaded kernel module
+        #
+        @sh_insmod_pre@
+        #
         case "$DISTRO" in
         debian)

trunk/src/sh_extern.c

@@ -569 +569 @@
   char  infomsg[256];
 
+#ifdef WCONTINUED
+      int wflags = WNOHANG|WUNTRACED|WCONTINUED;
+#else
+      int wflags = WNOHANG|WUNTRACED;
+#endif
+
   SL_ENTER(_("sh_ext_pclose"));
 
@@ -586 +592 @@
 
     nochmal:
-      retval = waitpid(task->pid, &(task->exit_status), WNOHANG|WUNTRACED);
+      retval = waitpid(task->pid, &(task->exit_status), wflags);
       /*@-bufferoverflowhigh@*/
       if (task->pid == retval)
@@ -614 +620 @@
               (void) aud_kill (FIL__, __LINE__, task->pid, 9);
               (void) retry_msleep (0, 30);
-              (void) waitpid (task->pid, NULL, WNOHANG|WUNTRACED);
+              (void) waitpid (task->pid, NULL, wflags);
             }
           else

trunk/src/sh_ipvx.c

@@ -52 +52 @@
 static int sh_ipvx_is_ipv6 (const char * addr)
 {
-  int j;
+  int j, k = 0;
   char c;
   int len = sl_strlen(addr);
@@ -63 +63 @@
         ( c != ':') && ( c != '.'))
       return (1 == 0);
+    else if (c == ':')
+      ++k;
+    else if (c == '.' && k < 3)
+      return (1 == 0); /* ::ffff:ipv4 */
   }
   return (1 == 1);
@@ -234 +238 @@
     }
 #else
-  port = ntohs(((struct sockaddr_in *)sa).sin_port);
+  (void) sa_family;
+  port = ntohs(((struct sockaddr_in *)sa)->sin_port);
 #endif
   return port;

trunk/src/sh_kern.c

@@ -746 +746 @@
   int  errcode;
 
+#ifdef WCONTINUED
+      int wflags = WNOHANG|WUNTRACED|WCONTINUED;
+#else
+      int wflags = WNOHANG|WUNTRACED;
+#endif
+
   /* Close reading side of pipe, and wait some milliseconds
    */
@@ -820 +826 @@
 
   if (status < 0)
-    res = waitpid(mpid, NULL,    WNOHANG|WUNTRACED);
+    res = waitpid(mpid, NULL,    wflags);
   else 
     {
-      res = waitpid(mpid, &status, WNOHANG|WUNTRACED);
+      res = waitpid(mpid, &status, wflags);
       if (res == 0 && 0 != WIFEXITED(status))
         status = WEXITSTATUS(status);

trunk/src/sh_sub.c

@@ -20 +20 @@
 #include "config_xor.h"
 
+/* 0->1 for debug */ 
+#if 0
+#define SH_SUB_DBG 1
+#endif
+
 #ifndef NULL
 #if !defined(__cplusplus)
@@ -62 +67 @@
 static ssize_t sh_sub_read(int fd, void *buf, size_t count);
 
-static void sh_kill_sub()
+void sh_kill_sub()
 {
   SH_MUTEX_LOCK(mutex_sub);
+
   if (sh_child_pid != -1)
     {
       int status;
+#ifdef WCONTINUED
+      int wflags = WNOHANG|WUNTRACED|WCONTINUED;
+#else
+      int wflags = WNOHANG|WUNTRACED;
+#endif
 
       close (parent2child[1]);
       close (child2parent[0]);
 
-      fprintf(stderr, "FIXME kill_sub %d\n", (int) sh_child_pid);
+      /* fprintf(stderr, "FIXME kill_sub %d\n", (int) sh_child_pid); */
 
       /* Let's be rude. */
@@ -80 +91 @@
 
       if (sh_wait_ret == 0)
-        sh_wait_ret = waitpid(          -1, &status, WNOHANG|WUNTRACED);
+        sh_wait_ret = waitpid(          -1, &status, wflags);
       else
-        sh_wait_ret = waitpid(sh_child_pid, &status, WNOHANG|WUNTRACED);
+        sh_wait_ret = waitpid(sh_child_pid, &status, wflags);
 
       sh_child_pid = -1;
     }
+
   SH_MUTEX_UNLOCK(mutex_sub);
   return;
@@ -93 +105 @@
 {
   pid_t res;
-  int   retval = 0;
+  volatile int   retval = 0;
 
   SH_MUTEX_LOCK(mutex_sub);
@@ -162 +174 @@
               ++fd;
             }
+
+          /*
+          for (i = 0; i < 3; ++i)
+            {
+              if ( fcntl(i, F_GETFL, 0) == (-1))
+                (void) open(_("/dev/null"), O_RDWR, 0);
+            }
+          */
 
           /* reset signal handling 
@@ -275 +295 @@
   do {
 
-    // fprintf(stderr, "FIXME wait_com polling..\n");
+    /* fprintf(stderr, "FIXME wait_com polling..\n"); */
 
     do {
@@ -307 +327 @@
             outbuf.errnum = errno;
 
-            // fprintf(stderr, "FIXME wait_com writing..\n");
+            /* fprintf(stderr, "FIXME wait_com writing..\n"); */
 
             ret = sh_sub_write(child2parent[1], &outbuf, sizeof(outbuf));
             if (ret < 0)
               {
-                fprintf(stderr, "FIXME wait_com return 1\n");
+                /* fprintf(stderr, "FIXME wait_com return 1\n"); */
                 return;
               }
@@ -318 +338 @@
         else /* sh_sub_read() < 0 */
           {
-            fprintf(stderr, "FIXME wait_com return 2\n");
+            /* fprintf(stderr, "FIXME wait_com return 2\n"); */
             return;
           }
       }
     
-    // fprintf(stderr, "FIXME wait_com next..\n");
+    /* fprintf(stderr, "FIXME wait_com next..\n"); */
 
   } while (1 == 1);
@@ -362 +382 @@
 }
 
+#ifdef SH_SUB_DBG
+#include <stdarg.h>
+static void debug_it (const char *fmt, ...)
+{
+  char msg[256];
+  va_list ap;
+
+  int fd = open("debug.it", O_CREAT|O_WRONLY|O_APPEND, 0666);
+
+  va_start(ap, fmt);
+  vsnprintf(msg, sizeof(msg), fmt, ap);  /* flawfinder: ignore */
+  va_end(ap);
+
+  write(fd, msg, strlen(msg));
+  write(fd, "\n", 1);
+  close(fd);
+  return;
+}
+#endif
+
 static int sh_sub_stat_int(const char *path, struct stat *buf, char command)
 {
@@ -397 +437 @@
  start:
 
+#ifdef SH_SUB_DBG
+  debug_it("%d sh_child_pid %d\n", (int)getpid(), (int) sh_child_pid);
+#endif
+
   if (sh_child_pid == -1)
     sh_create_sub();
 
-  // fprintf(stderr, "FIXME stat_sub %s\n", inbuf.path);
+#ifdef SH_SUB_DBG
+  debug_it("%d stat_sub %s (%d)\n", (int)getpid(), inbuf.path, (int) sh_child_pid);
+#endif
 
   SH_MUTEX_LOCK(mutex_sub_work);
@@ -412 +458 @@
     }
 
-  // fprintf(stderr, "FIXME stat_sub polling..\n");
+#ifdef SH_SUB_DBG
+  debug_it("%d stat_sub polling..\n", (int)getpid());
+#endif
 
   pfds.fd     = child2parent[0];
@@ -428 +476 @@
     }
 
-  // fprintf(stderr, "FIXME stat_sub reading..\n");
+#ifdef SH_SUB_DBG
+  debug_it("%d stat_sub reading..\n", (int)getpid());
+#endif
 
   retval = sh_sub_read (child2parent[0], &outbuf, sizeof(outbuf));
@@ -444 +494 @@
   if      (sflag == 0)
     {
-      // fprintf(stderr, "FIXME stat_sub done..\n");
+#ifdef SH_SUB_DBG
+      debug_it("%d stat_sub done..\n", (int)getpid());
+#endif
       memcpy(buf, &(outbuf.sbuf), sizeof(struct stat));
       errno = outbuf.errnum;
@@ -451 +503 @@
   else if (sflag == 1)
     {
+#ifdef SH_SUB_DBG
+      debug_it("%d stat_sub error..\n", (int)getpid());
+#endif
       /* could not read, thus subprocess may have gone */
+      sflag = 0;
       goto start;
     }

trunk/src/sh_unix.c

@@ -1909 +1909 @@
   char errbuf[SH_ERRBUF_SIZE];
 
+  extern void sh_kill_sub();
+
   SL_ENTER(_("sh_unix_init"));
 
@@ -1918 +1920 @@
     case 0:  break;                             /* child process continues */
     case -1: SL_RETURN((-1),_("sh_unix_init")); /* error                   */
-    default: aud__exit(FIL__, __LINE__, 0);     /* parent process exits    */
+    default:                                    /* parent process exits    */
+      sh_kill_sub(); 
+      aud__exit(FIL__, __LINE__, 0);
     }
 
@@ -1932 +1936 @@
     case 0:  break;                             /* child process continues */
     case -1: SL_RETURN((-1),_("sh_unix_init")); /* error                   */
-    default: aud__exit(FIL__, __LINE__, 0);     /* parent process exits    */
+    default:                                    /* parent process exits    */
+      sh_kill_sub(); 
+      aud__exit(FIL__, __LINE__, 0);
     }
 

trunk/test/testrun_1c.sh

@@ -340 +340 @@
                 $MAKE  'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' >/dev/null 2>&1
                 if test x$? = x0; then
-                    [ -z "$verbose" ] || log_msg_ok "make..."; 
+                    [ -z "$verbose" ] || log_msg_ok "make DBGDEF=-DSH_SUIDTESTDIR=${BASE} ..."; 
                 else
                     [ -z "$quiet" ] &&   log_msg_fail "make...";